What Opportunities the Patient Data Protection Act Misses
Created: 07.01.2022
The Patient Data Protection Act (PDSG) is intended to simplify administrative processes in healthcare for patients, physicians, pharmacies, and researchers alike. At the same time, data protection advocates and business associations from the medical sector have voiced criticism. An overview.
What is the Patient Data Protection Act?
The Patient Data Protection Act grants patients the ability to store their health data in an electronic health record (ePA) starting in 2021. This digital record is provided by the health insurance company, and physicians can enter data such as examination results or diagnoses into the ePA with the patient’s consent.
Starting in 2022, the following digital documents can be stored in the electronic patient record:
-
E-prescriptions
-
Medical reports and X-rays
-
Vaccination records
-
Maternity log
-
Child health record
-
Dental bonus booklet
Patient Data Protection Act to Ensure Greater Control Over Personal Information
According to the German Federal Ministry of Health, patients are to have sole control over their digital patient record starting in 2022. They decide which information is stored or deleted and can grant access to specific data for other physicians.
If a patient seeks a second opinion, for instance, they can share relevant health data from the ePA with the treating doctor. Patients determine who can access what information—preventing, for example, dental reports from being visible to a gynecologist.
Moreover, the Patient Data Protection Act aims to streamline administrative procedures. This includes redeeming digital prescriptions at pharmacies or processing specialist referrals via the ePA.
White Paper
Patient Data Donation Possible Starting in 2023
From 2023 onward, individuals with an electronic patient record can choose to donate their health data to medical research. With the patient’s permission, the information will be transmitted directly from the ePA to a research data center.
According to the Federal Ministry of Health, the data will be processed in accordance with data protection regulations and used for legally defined purposes to improve healthcare. These purposes include:
-
Analyzing treatment processes and healthcare services
-
Resource planning in hospitals, such as drug distribution and bed occupancy
-
Further development of statutory health insurance
In the long term, this could strengthen the digitalization of the healthcare system and promote digital innovation in clinical care.
Criticism of the Patient Data Protection Act
Data protection advocates have raised concerns about the new law. Until 2022, physicians could access all data in the ePA once it was enabled, since patients had not yet been granted selective access controls. This violates the principle of purpose limitation.
There are also doubts about the practical usability of the ePA. Currently, it is only available via a mobile app, making it inaccessible to individuals who do not own a smartphone or tablet. For this reason, some argue that the launch of the ePA is premature. The government, however, maintains that use of the ePA is voluntary and therefore in line with data protection law.
In addition, the telematics infrastructure that underpins the ePA is still under development. Without reliable and user-friendly digital applications, insured persons may struggle to benefit from its potential.
Industrial Research Excluded from Data Donation
Currently, only selected federal and state authorities and public research institutions can apply to access ePA data. Industrial research—such as pharmaceutical, MedTech, or biotech companies—is excluded from using these data. Access is only possible through collaborations with authorized entities and even then, only in a limited way, without the right to further process the data independently.
Yet, the use of real-world data by industrial research offers significant potential to improve healthcare. Data from the ePA could be used in private clinical research for:
-
Analyzing individual treatment pathways
-
Developing new approaches for diagnostics and therapy
-
Providing comparator datasets for upcoming studies
Such contributions could also enhance the digital ecosystem surrounding the telematics infrastructure.
How Finland Uses Digital Patient Data
In other European countries, private research already plays an equal role in using patient data. Finland, for example, is one of the most digitally advanced healthcare systems in Europe.
Findata is the central access point for linked data research involving science, authorities, and industry. Much like the German research data center, Findata is responsible for acquiring, processing, and securely distributing data. This includes health data from fitness trackers and other mobile apps and devices.
Industrial research also benefits from this government-backed platform by gaining access to digitally aggregated or pseudonymized data under strict data protection compliance. When linked with the national ePA, this creates a solid foundation for responsible innovation that is supported by both patients and society.
Conclusion
The digitalization of patient information presents new opportunities for clinical research. In this context, the Patient Data Protection Act could be a meaningful step toward the future. However, its potential for industrial research remains untapped. Other countries show that the use of donated health data by companies is possible under GDPR and can significantly contribute to the development of clinical studies, treatment methods, and patient care.
This is a future vision from which not only companies—but also patients, policymakers, and society at large—could benefit.
1 Patientendaten-schutz-Gesetz: https://www.bundesgesundheitsministerium.de/patientendaten-schutz-gesetz.html
3 Findata – Finnish Social and Health Data Permit Authority: https://findata.fi/en/